Can we on-board a HA SD-WAN site to Prisma Access as a non ECMP site?

Can we on-board a HA SD-WAN site to Prisma Access as a non ECMP site?

1241
Created On 07/28/23 17:03 PM - Last Modified 06/01/24 02:49 AM


Question


Can we on-board a HA SD-WAN site to Prisma Access as a non ECMP site ?

Environment


  • Prisma Access Cloudblades version 3.1.6 and version 4.0.0
  • Prisma SD-WAN High Availability site 

Answer


  1. Prisma Access Cloudblades does not support on-boarding a HA site as a non ECMP site.
  2. One can on-board it only as a ECMP site if prisma_ha_primary is added on the active ION.
Workaround:
  1. When Onboarding a non ECMP site, do not add the "prisma_ha_primary" tag on the active ION.
  2. This will be considered as a non ha site and then one can on-board it as a non ECMP site .

Additional Information


  • Validation errors are seen on panorama  when trying to on-board it as a non ECMP site . 
Partial changes to commit: changes to configuration by administrators: __cloud_services
Changes to all template configuration
Proxy id 'AUTO-CGX_siteDSC_01_1490' cannot be set for 'AUTO-CGX_siteDSC_01_1490' Ipsec tunnel which is part of ECMP load balancing configuration.
Proxy id 'AUTO-CGX_siteDSC_02_1490' cannot be set for 'AUTO-CGX_siteDSC_02_1490' Ipsec tunnel which is part of ECMP load balancing configuration.
Failed plugin validation


Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g1xWCAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail